About The Author
This study has been authored by Hasaan Anwar Raza. Hasaan is a Technical Project
Manager in the Digital Financial Services team of Karandaaz Pakistan. He has an extensive
experience of Technology Strategy, Planning and Implementation of financial products and
services.
The views expressed in this document are those of the author and do not necessarily reflect
the views and policies of Karandaaz Pakistan or the donors who have funded the study.
©2017 Karandaaz Pakistan
Table of Contents
Glossary ___________________________________________________________________________________________________ 1
The Company _____________________________________________________________________________________________ 2
Introduction ______________________________________________________________________________________________ 3
Objective __________________________________________________________________________________________________ 4
Core Banking System _____________________________________________________________________________________ 6
Financial Switch __________________________________________________________________________________________ 8
API Management _______________________________________________________________________________________ 10
Mobile Financial Services ______________________________________________________________________________ 12
Conclusion ______________________________________________________________________________________________ 14
Annex 01: Reference Architecture ____________________________________________________________________ 15
Table of Figures
Figure 1 .............................................................................................................................................................................................................5
Figure 2 .............................................................................................................................................................................................................8
Figure 3 .......................................................................................................................................................................................................... 10
Figure 4 .......................................................................................................................................................................................................... 11
Figure 5 .......................................................................................................................................................................................................... 12
Page | 1
©2017 Karandaaz Pakistan
Glossary
Acronym Description
AD Active Directory
ADC Alternate Delivery Channel
AML Anti-Money Laundering
API Application Programming Interface
ATM Automated Teller Machine
BCM Business Continuity Management
CAPEX Capital Expenditure
CBS Core Banking Solution
COBIT Control Objectives for Information and Related Technologies
COTS Commercial Off-The-Shelf
CRM Customer Relationship Management
CVV Card Verification Value
DFS Digital Financial Services
EOD End of Day
EOM End of Month
ERP Enterprise Resource Planning
G2P Government-to-Person
HSM Hardware Security Module
ICT Information and Communications Technology
ISO International Organization for Standardization
IVR Interactive Voice Response
KYC Know Your Customer
MIS Management Information System
NFC Near Field Communication
NMS Network Management System
P2G Person-to-Government
PAN Primary Account Number
PIN Personal Identification Number
POS Point-of-Sale
QR Code Quick Response Code
SAF Store and forward
SMS Short Message Service
SMSC Short Message Service Centre
UBPS Utility Bill Payment System
USSD Unstructured Supplementary Service Data
Page | 2
©2017 Karandaaz Pakistan
The Company
Karandaaz Digital
Focuses on expanding access to digital financial services in Pakistan by working across the
ecosystem with all stakeholders including regulators, policymakers, government
departments, businesses, researchers and academics.
Karandaaz Capital
Invests growth capital in small and medium size enterprises (SMEs) with the twin objectives
of generating financial returns for Karandaaz Pakistan and supporting broad-based
employment generation in Pakistan.
Karandaaz Knowledge Management and Communication
Develops and disseminates evidence-based insights and solutions to inform the core themes
of the organization, including innovation, women entrepreneurship and youth, and to
influence the financial ecosystem to promote financial inclusion in Pakistan.
Karandaaz Pakistan is a not-for-profit development finance company
established in 2014 and registered with the Securities and Exchange
Commission of Pakistan (SECP). The organization promotes access to finance
for small businesses through commercially directed investments, and
financial inclusion for individuals by employing technology-enabled digital
solutions. It operates through three program verticals:
Karandaaz Pakistan has received funding from the United Kingdom
Department for International Development (DFID) and Bill and Melinda
Gates Foundation (BMGF).
Page | 3
©2017 Karandaaz Pakistan
Introduction
The Financial Services industry in Pakistan is
currently at varying degrees of digital maturity.
While on one side we have organizations which
are leading the digital transformation and
innovation in the industry; on the far side of the
spectrum we have organizations which are in
the preliminary stages of their digital journeys.
The telecoms are leading the digital front –
benefitting from their technology reliant core
business. The banks are following up with their
digital strategies and tactical plans to
transform the digital journey of their
customers. These are followed by government
institutions which have a far greater outreach
to the unbanked and under-served population
of the country.
At Karandaaz Pakistan, we are committed to
uplifting the overall knowledge and abilities of
the Digital Financial Services (DFS) industry.
There is a need to quickly capitalize on new
market opportunities. Players who want to
jump on the DFS bandwagon have a lot of
catching up to do. Karandaaz Pakistan sees this
as a significant opportunity to improve service
delivery by providing a means to digitize a
range of payment use cases. A considerable
impact can be delivered by digitizing
government payments alone. This is because
digitization helps reduce the cost of a
transaction. It also provides greater access to
formal financial services by simplifying the
procedural requirements of opening a digital
transaction account and performing digital
transactions. Such interventions hold the
potential for increasing digital financial
inclusion for the unbanked by collaboration
between the regulator, various government
institutions, commercial banks, and telecoms.
As part of its efforts to support the Digital
Financial Services industry, Karandaaz Pakistan
is providing an overview of the technology
domains that are essential for setting up a DFS
ecosystem. This study lists the product features
and capabilities of various platforms to deliver
solutions for clients. It is anticipated that these
efforts would build the knowledge and capacity
of our partners and stakeholders in the DFS
space.
Page | 4
©2017 Karandaaz Pakistan
Objective
The objective of this study is to act as a
guide for the industry; enabling the
practitioners of Digital Financial Services to
make well-informed decisions when it
comes to building, expanding, or upgrading
their technology enterprise stacks.
While writing this document, a conscious
effort has been made to ensure that it is
written in a manner that even professionals
without a technology background are able
to comprehend and benefit from this
information.
Technology Domains
In the scope of this study, we have discussed the following four domains – three of which are central to
most DFS implementations. One of these, API Management, is a relatively new phenomenon that is
rapidly becoming commonplace in digital implementations the world over. A brief description of these
domains has been provided below, with detailed sections to follow.
Core Banking System
o A software that enables the processing of financial transactions, manages the customer
account and maintenance of other financial records.
Financial Switch
o Enables the authorization and routing of financial transactions between a financial
institution’s internal platforms (such as Core Banking and Card Management systems)
and external networks (such as the Interbank Fund Transfer network). It can be used
to drive front-end devices such as ATMs and Point-of-Sale (POS) terminals.
API Management
o Enables an enterprise to create, publish, analyze and manage APIs to external
consumers in a secure and scalable environment.
Mobile Financial Services
o Similar to a Core Banking System, a Mobile Financial Services platform enables basic
financial transactions such as bill payments and top-ups, disbursements and
collections, cash deposits and withdrawals, fund transfers, and agent liquidity
management.
APIs, or Application Programming Interfaces, are a set a programming functions and procedures which
allow one software application to access the features or data of another application exposing the APIs.
An enterprise stack is a collection of
software applications and hardware,
designed specifically for large
organizations such as commercial
banks and telecom operators.
Page | 5
©2017 Karandaaz Pakistan
Figure 1
Figure 1 illustrates the placement of these technology domains in a layered architecture.
In the end of this study (Annex 01), we have provided a high-level representation of a Reference
Architecture for Digital Financial Services which expands the layered architecture shown in Figure 1.
We have not detailed the various components depicted in Annex 01. Please note that that illustration is
for reference purpose only – actual implementations may differ depending upon the need and purpose
of the business.
The Reference Architecture can also be considered as a Service Landscape that depicts the various
business domains, products, and services provided by an organization.
Page | 6
©2017 Karandaaz Pakistan
Core Banking System
A core banking system is at the heart of any banking institution’s
technology enterprise application stack. “Gartner defines a core
banking system as a back-end system that processes daily banking
transactions and posts updates to accounts and other financial
records. Core banking systems typically include deposit, loan and
credit processing capabilities, with interfaces to general ledger
systems and reporting tools.”1
A Core Banking System generally comprises of the following
features:
Customer Account and KYC Management:
This includes account opening, capturing KYC information and documents, manage the process
flow of registration, maintain account statuses, manage updates in customer’s KYC and account
information, Closure of Account, Customer Profile, Level of Account, etc.
Multiple Account Options:
The system should enable opening of multiple account types such as Current Account, Deposit
Account, Corporate Current Account, and Savings Account.
Loans, Leasing, Credit Management:
Ability to manage both Consumer as well as Corporate loans and leasing products.
Cards Management:
This includes linking of Debit, Credit, and ATM Cards to customer’s account; as well as
processing of Card Transactions, Card Billing and Payments.
Transaction Management:
The financial transaction processing engine manages all the debit and credit transactions.
General Ledger and Accounting Management:
Integration with the General Ledger system for reporting of accrual transactions and closing
entries, and consolidation of financial statements.
Core Operations:
This includes the back office functions such as managing authorizations based on Maker-
Checker concept; execution of End of Day (EOD) and End of Month (EOM) batch processes; cash
management; teller operations; configuration of interest, commission, fees and taxes;
configuring products and defining product rules; etc.
AML, Fraud and Risk Management:
This is catered either as a sub-module of Core Banking or via integration with a separate
dedicated AML, Fraud and Risks Management module for validation and verification of
accounts and transaction patterns.
1 Gartner, http://www.gartner.com/it-glossary/core-banking-systems/
A Core Banking
Application is
generally the most
capex-intensive
platform in a
financial enterprise
stack.
Page | 7
©2017 Karandaaz Pakistan
Reporting and MIS:
Regulatory reports, Analytical reports, Operational and Monitoring reports, Product-based
reports.
Access Control and User Management:
The system allows limited access to confidential information by authorized users only. These
users can be assigned to configurable roles with defined access levels.
According to a Gartner Industry Research Note2, following are some of the key evaluation criteria to
focus on during the selection process of a Core Banking System:
1. Functionality
2. Flexibility
3. Cost
4. Viability
5. Operational performance
6. Program management
7. Partner management
8. Customer references
2 Gartner, Core Banking System Selection: Criteria That Matter, 27 April 2011
Page | 8
©2017 Karandaaz Pakistan
Financial Switch
A financial switch is a platform that allows various financial platforms and applications to communicate
and perform financial transactions. A financial switch is also sometimes referred to as a Payment
Switch, an Enterprise Switch or a Financial Gateway.
Financial switches are typically used by financial institutions such as banks, Digital Financial Services
Providers, and interbank network operators. As the number of participating members in a network
increases, the total number of integrations required increases exponentially. This is where a financial
switch plays its role. A financial switch typically performs the following functionalities:
Provide a routing mechanism for participating
systems
Translate the messages as participating systems
may use different protocols
Provide a secure and robust communication
channel for financial transactions
There are various types of financial switches used in the
global financial industry. These can be segregated by the
following functions:
Online or Batch Processing
Real-time or Net Settlement
Instrument Type (Debit Card, Credit Card, or
Card-less)
Figure 2
As illustrated in Figure 2, a Financial Switch usually comprises of the following features:
Switching and Routing:
This component maintains the communication connection over the network layer. It manages
the routing of messages of between internal and external platforms by utilizing message
translation between protocols. Business logic rules are implemented to make routing decisions
A financial switch may be used
as an enterprise middleware
to integrate internal systems
in an organization; as a
gateway to integrate with
external entities; or as an
industry switch to provide
communication between
business entities.
Page | 9
©2017 Karandaaz Pakistan
based on PIN translation. Store-and-forward (SAF) queue mechanism and timers are used to
manage the flow of messages between two systems.
Transaction Processing:
This comprises of the authorization of financial transactions, clearing and settlement.
Channel Management:
This is used to integrate, manage configurations and monitor the financial operations of
various channels. The integration protocols used by financial switches are ISO 8583, ISO 20022,
or Open APIs.
Card Management:
This is used to manage multiple card products. It includes card production, PAN provisioning,
generation of CVV/CVV2, Card linking to customer’s accounts, card status management, etc.
Utility Bill Payments:
A Financial Switch can be integrated with a UBPS module to allow online and offline
mechanisms of bill presentment and bill payment.
ATM Controller:
Allows to manage and monitor the operations of ATMs. ATM functionalities, statuses and
screen flows can be configured with the help of this feature.
Product Configuration and Reporting:
This allows to implement basic product customizations and reporting requirements.
Security:
The switch is responsible to authorize the PINs of all financial transactions via a hardware
security module (HSM).
Page | 10
©2017 Karandaaz Pakistan
API Management
API Management is a relatively new
phenomenon in the world of digital
enterprises. “Full life cycle API management is
about the planning, design, implementation,
publication, operation, consumption,
maintenance and retirement of APIs.”3 As
various organizations are evolving their
technology capabilities, the focus is
increasingly shifting towards implementing
API-based applications to achieve the objectives of their digital strategies.
By possessing the capability of API Management, an organization may successfully accomplish digital
innovation by allowing easy access to the developer community at large. Moreover, such a capability
allows it to monetize the use of its APIs by provisioning them as new products or access channels for
customers and business partners.
Figure 3
3 Gartner, Magic Quadrant for Full Life Cycle API Management, 27 October 2016.
Such organizations have realized the
financial value of exposing APIs to the
outside world as service building
blocks for third party applications.
Page | 11
©2017 Karandaaz Pakistan
As depicted in Figure 3, an API Management platform typically consists of the following components:
API Gateway:
This component acts as the mediator between the internal and external domains. API requests
are received at the front-end from third-party integrators, modified and orchestrated, and
passed on to the back-end services. API Gateways also ensure the implementation of
performance throttling and security policies.
API Creation and Publishing Tools:
This component is used by API providers to expose the internal APIs by defining the
parameters, usage policies and access rules. This component primarily manages the API
Lifecycle.
Developer Portal:
This portal is available to the API subscribers for consumption of the exposed APIs.
Reporting and Analytics:
This component provides insights into the usage of the APIs along with their performance to
identify the business impacting trends.
Monetization Module: 45This is used to configure the pricing of commercial APIs for monetization purposes.
4 A Forrester Total Economic Impact™ Study, April 2015
There are many advantages of
implementing an API
Management platform in an
organization. Besides
promoting digital innovation
and providing new revenue
streams, API Management is
also useful for streamlining
existing and new API
integrations. Moreover, it
provides an improved
developer experience and a
centralized mechanism for
operational visibility and
control.
WHY API MANAGEMENT?
Figure 4
Page | 12
©2017 Karandaaz Pakistan
Mobile Financial Services
Mobile Financial Services (also referred to
as Mobile Banking or Branchless Banking)
is defined as providing financial services
using an agent network and
communications technologies, resulting in
minimum dependency on conventional
bank branches.
Figure 5
As can be seen in Figure 5, a Mobile Financial Services solution typically comprises of the following
features:
Channel Integration:
This layer is responsible for all external integrations with the telecom services and other 3rd
party integrations, e.g. USSD Gateway, SMSC, IVR, internet banking, mobile application, cards
(ATM and POS), Biometric Verification, email exchange, etc.
Core Application:
This comprises of transaction processing, bulk processing, notifications handling, account
management, mobile wallets, KYC management, etc.
Business Configuration:
This includes configuration of products, services, pricing, transaction rules, notifications
messages, USSD menu, etc.
Most of the solutions currently
offered for this domain are a reduced
amalgamation of Core Banking
Systems (CBS) and Alternate Delivery
Channels (ADC) found in a
conventional bank.
Page | 13
©2017 Karandaaz Pakistan
Payment Services:
This comprises of services such as bill payments, airtime top-ups, e-commerce payments,
domestic remittances (money transfers), card payments, international remittances, cash
deposits and cash withdrawals.
Back-office Operations:
This includes User Management, Role Management, maker-checker authorization, agent
hierarchy management, definition of transaction limits, cash management, etc.
Supporting Services:
This involves services which are utilized for service monitoring, alarm generation, reporting,
event logging, etc.
Page | 14
©2017 Karandaaz Pakistan
Conclusion
In this study, we have touched upon the
features and functions of only a select few
platforms that play a vital role in the Digital
Financial Services Technology Landscape. It
should be noted that this domain has evolved
considerably over the past two decades; and
that it will continue to evolve as technological
enhancements become more accessible.
The recent advancements in technology have
encouraged DFS players to experiment with
new payment mechanisms using NFC and QR
Codes. It is crucial for technology suppliers and
FinTech start-ups to continue exploring the
possibilities and expand the horizons of the
existing DFS space.
When setting up a DFS Enterprise ecosystem, it
is important for DFS Providers to maintain the
right balance between Commercial off-the-shelf
(COTS) platforms and in-house developed
products and services. A good strategy is to
acquire products for mature domains such as
Core Banking Applications and Financial
Switches from established technology
suppliers; but rely on local in-house
development for newer experimental products.
Another aspect that DFS players need to be
cautious of is whether to opt for a multi-vendor
(best-of-breed) ecosystem, or a single vendor
enterprise suite. This is important when setting
up or upgrading a technology stack as it has a
direct impact on your financial expenditure and
vendor management strategy.
As new services and technologies are being
introduced in the industry, it is of utmost
importance for regulators to play their due
role. New technologies always bring with them
a new set of vulnerabilities and challenges for
the customers. By providing guidance policies
and a robust framework on security and
controls, a regulator can ensure that the DFS
providers and technology suppliers can launch
products and services that would have a
minimum negative impact on the well-being of
customers. Though, care has to be taken to
avoid overregulation as it limits
experimentation and innovation.
Last but not least, DFS Providers should have a
firm focus on Enterprise Governance of IT. This
is an area often neglected even by
technologically advanced and established
organizations. There are quite a few
frameworks available for reference that can be
employed in this regard, e.g. COBIT (Control
Objectives for Information and Related
Technologies).
It is well established that Information and
Communications Technology (ICT) plays a vital
role in promoting Financial Inclusion. By
implementing a DFS technology ecosystem in
an effective manner, we can ensure additional
impact on the lives of the underprivileged.